The launch of cloud security startup Cato Networks by cybersecurity expert Shlomo Kramer reminded me of the episode of USA's Mr. Robot when Elliot Alderson explains why he chose his healthcare provider – limited security budget and limited security staff let him break through the perimeter defenses and change his medical records to cover up his lifestyle. In the real world, though, cyber threats are scaling faster than enterprises can respond. Like Elliot, Kramer is counting on enterprises with limited security staff and budgets turning to his new venture for end-to-end, perimeter-less security.
According to a report by Reuters, Cato Networks is different because it asks customers to move all their traffic to its encrypted network. In other words, Cato is the opposite of Check Point Software Technologies, the company Kramer co-founded in 1998 that invented a perimeter defense used by almost all enterprises. The mobile internet has changed how the enterprise works. Large numbers of employees operate outside of the traditional security perimeter, necessitating a new way of looking at cyber defenses.
David Cowan, a Bessemer Ventures partner, said in the report, "You're not going to see big companies just moving their critical traffic over this hodgepodge network that they will knit together." But, frankly, what are CIOs' choices? Like the IT manager of Elliot's healthcare provider in Mr. Robot, their limited staff and budgets mean they can't scale to match today's cybersecurity threats. The Financial Times reported a 30% deficit of security talent by the end of the decade, when demand for 6 million certified security experts exceeds a supply of 4.5 million. During the last decade, the cyber threat has metastasized from small hacker groups into nation states like China engaged in national and industrial espionage and organized crime attacking financial assets. Last year, there was barely a week without news of data breaches affecting millions of people whose data had been entrusted to some large organization. Anthem, Premera, Ashley Madison, the IRS and the U.S. government's Office of Personnel Management, to name just a few, were all humbled by breaches.
Building a perfect perimeter is like building an ancient walled city and hoping to outlast a never-ending siege from an enemy whose weapons are evolving all the time. The reality facing CIOs is that there are really just two kinds of companies: those that have been breached, and those that haven't been breached yet. Some enterprises will meet the cybersecurity threat, but with more than just a strong perimeter defense. They will change their security operations to look more like a platform company.
A look at how platform company Google runs its security operations lends some insights into the challenges facing enterprises and what Cato Networks may be trying to replicate to help these enterprises. Google runs its Global Security Operations at an enormous scale to monitor the security that's built into its networks, data centers, and products. It does a great job with encryption, authentication, and physical security to keep intruders out. However, it does a better job predicting, detecting, and defending against attempted breaches and attacks. The company can also afford to recruit the best talent from the limited pool of security pros. Using predictive analytics on a huge trove of security data collected from its enormous world-wide operations and independent sources, Google can predict and respond to the cyber threats at a scale few other companies can match.
Cato raised $20 million in a round led by U.S. Venture Partners and Aspect Ventures to outsource network security into the cloud. Kramer is betting that his new venture can scale and operate like the security operations of Google to protect its customers' traffic in a perimeter-less fashion.